Stay cautious: these fake AI video generators are stealing passwords


Cybercriminals have entered the AI gold rush to spread malware. Fake AI video generators are tempting users and stealing their data.

Viral AI tools such as video generators are becoming the glowing bait used by cybercriminals to get into users’ digital pockets.

Specialists are warning that a rapidly expanding phishing campaign is using fraudulent websites masquerading as legitimate AI tools such as Kling AI, Luma AI, and Canva Dream Lab.

ADVERTISEMENT

Once the victim “generates” a video from the text prompt, instead of downloading the creation, they download a malicious ZIP file.

The downloaded file contains the STARKVEIL dropper, which, when executed, installs additional malware components like GRIMPULL, XWORM, and FROSTRIFT.

Ads of fake AI tools
Fake AI tools ads on social media. Source: Mandiant

Once inside the device, malware quietly records what users type, scrapes browser data like saved passwords and session cookies, and pulls account credentials, including social media logins. All of it is funneled out through the Telegram API straight to the hands of attackers.

The operation, codenamed UNC6032 and believed to have ties to Vietnam, has been running with quiet efficiency since at least mid-2024.

Malware is advertised on Facebook and LinkedIn

Google’s subsidiary, threat intel firm Mandiant, tracked over 30 distinct scam sites, promoted through thousands of ads across Facebook, LinkedIn, and potentially other platforms, with a combined reach in the millions. In the EU alone, these malicious campaigns have touched more than 2.3 million accounts.

According to researchers, the domains pushed in Facebook ads are constantly rotated to dodge detection tools and minimize the chance of bans. Most ads disappear as quickly as they appear, replaced daily with fresh links and recycled branding.

ADVERTISEMENT

On LinkedIn, the footprint is smaller but still notable. Malicious ads there have racked up an estimated 50,000 to 250,000 impressions. The majority of impressions came from the US, but the targeting spread across Europe and Australia too, suggesting a deliberate, international approach to baiting victims.

Ads of fake AI tools
Fake AI tools ads on social media. Source: Mandiant
vilius Gintaras Radauskas Ernestas Naprys Paulina Okunyte
Don’t miss our latest stories on Google News.